Solved Error Message: Specified Authentication Package is Unknown

I managed to boot up in normal mode now by selecting "Last known good configuration" when I hit F8 at the startup screen. I'm not sure what state (and how long ago) this defaults too though.

One thing weird that has cropped up now is the Microsoft Security Essentials that I had earlier turned off while running ComboFix. I get a red alert in my taskbar and when I click to open MSE, it says "Security Essentials isn't monitoring your computer because the program's service stopped. You should restart it now." But when I click on "Start Now ", I get the following error message: "Couldn't start the security essentials service. The specified service does not exist as an installed service. Error code: 0x80070424 "

 

Also, my printers have disappeared. But I guess at least I can boot up from normal mode now.

 

There doesn't seem to be any other problems. I've got the printer port issue resolved. Do you have any idea where else might I be able to get help regarding the BSOD and computer slowing down?
Thank you!

 

"I managed to boot up in normal mode now by selecting "Last known good configuration" when I hit F8 at the startup screen. I'm not sure what state (and how long ago) this defaults too though. "
- Looking at the BSOD log, it looks like it has reverted to some time around Sep 2010.
- Do you know how this would have affected the cleaning process earlier when it reverts back to that "last known good configuration "?
- My computer seems to have slowed down in a different kind of way. Previously, the computer would become very slow suddenly in a very drastic manner. Now, it seems to be a more gradual process of slowing down.
- Here are the requested logs:


BSOD
==================================================
Dump File : Mini082210-02.dmp
Crash Time : 8/22/2010 7:21:26 PM
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code : 0x000000ea
Parameter 1 : 0x8622e020
Parameter 2 : 0x8550cd48
Parameter 3 : 0x854a9350
Parameter 4 : 0x00000001
Caused By Driver : igxpdv32.DLL
Caused By Address : igxpdv32.DLL+bee1
File Description : Component GHAL Driver
Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
Company : Intel Corporation
File Version : 6.14.10.4964
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082210-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 69,908
==================================================

==================================================
Dump File : Mini082210-01.dmp
Crash Time : 8/22/2010 10:41:12 AM
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code : 0x000000ea
Parameter 1 : 0x856d2020
Parameter 2 : 0x89b978d8
Parameter 3 : 0x858aea50
Parameter 4 : 0x00000001
Caused By Driver : igxpdv32.DLL
Caused By Address : igxpdv32.DLL+aac8
File Description : Component GHAL Driver
Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
Company : Intel Corporation
File Version : 6.14.10.4964
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082210-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 69,908
==================================================

==================================================
Dump File : Mini061310-01.dmp
Crash Time : 6/13/2010 8:43:29 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xb9e29075
Parameter 3 : 0x97776808
Parameter 4 : 0x00000000
Caused By Driver : sr.sys
Caused By Address : sr.sys+8075
File Description : System Restore Filesystem Filter Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini061310-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini031510-01.dmp
Crash Time : 3/15/2010 10:33:55 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xa3ab5c00
Parameter 3 : 0x95387ba8
Parameter 4 : 0x00000000
Caused By Driver : AESTAud.sys
Caused By Address : AESTAud.sys+1c00
File Description : Andrea Audio Driver
Product Name :
Company : Andrea Electronics Corporation
File Version : 1.0.8.0
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini031510-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini010610-01.dmp
Crash Time : 1/6/2010 10:05:50 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0xa07db056
Parameter 2 : 0x00000002
Parameter 3 : 0x00000008
Parameter 4 : 0xa07db056
Caused By Driver : NDIS.sys
Caused By Address : NDIS.sys+1907c
File Description : NDIS 5.1 wrapper driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini010610-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini010410-01.dmp
Crash Time : 1/4/2010 9:13:00 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0xa1b02056
Parameter 2 : 0x00000002
Parameter 3 : 0x00000008
Parameter 4 : 0xa1b02056
Caused By Driver : NDIS.sys
Caused By Address : NDIS.sys+1907c
File Description : NDIS 5.1 wrapper driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini010410-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini121709-01.dmp
Crash Time : 12/17/2009 10:59:44 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xa123ac00
Parameter 3 : 0x9fa58ba8
Parameter 4 : 0x00000000
Caused By Driver : AESTAud.sys
Caused By Address : AESTAud.sys+1c00
File Description : Andrea Audio Driver
Product Name :
Company : Andrea Electronics Corporation
File Version : 1.0.8.0
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121709-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini083109-01.dmp
Crash Time : 8/31/2009 9:51:28 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x00000cd4
Parameter 3 : 0x00000000
Parameter 4 : 0xe72bef28
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini083109-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini083009-01.dmp
Crash Time : 8/30/2009 6:47:32 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe7c59048
Parameter 2 : 0x00000000
Parameter 3 : 0xbf82dbea
Parameter 4 : 0x00000001
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+2dbea
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6064 (xpsp_sp3_gdr.101231-1614)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini083009-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini082909-01.dmp
Crash Time : 8/29/2009 1:51:34 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xef400048
Parameter 2 : 0x00000000
Parameter 3 : 0xbf82dbea
Parameter 4 : 0x00000001
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+2dbea
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6064 (xpsp_sp3_gdr.101231-1614)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082909-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini080509-01.dmp
Crash Time : 8/5/2009 3:26:24 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xa1ce0c00
Parameter 3 : 0xa0efcba8
Parameter 4 : 0x00000000
Caused By Driver : AESTAud.sys
Caused By Address : AESTAud.sys+1c00
File Description : Andrea Audio Driver
Product Name :
Company : Andrea Electronics Corporation
File Version : 1.0.8.0
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini080509-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini071409-01.dmp
Crash Time : 7/14/2009 2:22:12 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xa06c0c00
Parameter 3 : 0xa4a62ba8
Parameter 4 : 0x00000000
Caused By Driver : AESTAud.sys
Caused By Address : AESTAud.sys+1c00
File Description : Andrea Audio Driver
Product Name :
Company : Andrea Electronics Corporation
File Version : 1.0.8.0
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini071409-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================


OTL
OTL logfile created on: 4/4/2011 11:43:29 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Yin Chao\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 119.60 Gb Free Space | 51.38% Space Free | Partition Type: NTFS

Computer Name: YINCHAO | User Name: Yin Chao | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 11:38:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yin Chao\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/17 04:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/09/09 14:21:16 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2008/08/18 10:39:28 | 000,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2008/08/15 08:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/31 21:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/07/31 21:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 20:32:38 | 000,352,256 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/02 05:22:34 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/02 05:22:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/07/02 05:22:16 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/07/02 05:22:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/06/30 08:57:24 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe
PRC - [2008/06/24 07:16:50 | 000,243,000 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2008/06/15 06:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 06:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/12 08:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/06/03 15:28:50 | 000,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/05/14 17:42:16 | 000,105,472 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 08:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files2\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/11/26 16:40:38 | 000,413,696 | ---- | M] (Eberhard Werle) -- C:\Program Files2\Calibrize\CalibrizeResume.exe
PRC - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 11:38:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yin Chao\Desktop\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/08/15 08:46:02 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/08/15 08:43:46 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- -- (BcmSqlStartupSvc)
SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - File not found [Auto | Stopped] -- -- (avg8emc)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/09/09 14:21:16 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2008/08/18 10:39:28 | 000,455,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2008/07/31 21:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 21:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 20:32:38 | 000,352,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/30 08:57:24 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R190031\stacsv.exe -- (STacSV)
SRV - [2008/06/15 06:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/06/12 08:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/06/03 15:28:50 | 000,386,328 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/04/25 15:45:40 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/03/10 15:48:48 | 001,249,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/04/04 11:31:15 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{596C3828-DF34-4991-AD4E-6D1F94E10636}\MpKsl3c81cf4c.sys -- (MpKsl3c81cf4c)
DRV - [2008/08/19 00:01:20 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/08/19 00:01:14 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 00:01:12 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/08/18 23:37:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/11 05:46:24 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/08/07 06:36:22 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/07/31 21:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/23 05:27:04 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/07/02 05:22:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/02 05:12:18 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/01 06:47:30 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/06/30 08:57:26 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/06/30 08:57:16 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/06/24 07:16:52 | 000,172,344 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/06/22 17:42:40 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/06/22 17:42:40 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/06/22 17:42:40 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/18 15:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/20 21:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/08/10 08:27:54 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2007/08/10 08:27:54 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://chalk.uchicago.edu/
IE - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mail.google.com/mail/?ui=1 "
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..network.proxy.socks: "127.0.0.1 "
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.socks_remote_dns: true

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files2\Mozilla Firefox\components [2011/02/26 12:58:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files2\Mozilla Firefox\plugins [2011/04/04 10:28:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files2\Mozilla Thunderbird\components [2011/01/08 07:46:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files2\Mozilla Thunderbird\plugins [2011/04/01 11:56:21 | 000,000,000 | ---D | M]

[2008/10/25 00:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yin Chao\Application Data\Mozilla\Extensions
[2011/01/04 01:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yin Chao\Application Data\Mozilla\Firefox\Profiles\sy1v9xfv.default\extensions
[2011/01/04 01:13:51 | 000,000,000 | ---D | M] ( "Garmin Communicator ") -- C:\Documents and Settings\Yin Chao\Application Data\Mozilla\Firefox\Profiles\sy1v9xfv.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:59:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Yin Chao\Application Data\Mozilla\Firefox\Profiles\sy1v9xfv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 16:43:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/05 00:24:44 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2008/12/19 08:54:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES2\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/02 10:27:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES2\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 13:51:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES2\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/21 10:26:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES2\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/03/19 16:44:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES2\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/10/05 20:19:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES2\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/04/03 11:37:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MFARestart] C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008..\Run: [CalibrizeResume] C:\Program Files2\Calibrize\CalibrizeResume.exe (Eberhard Werle)
O4 - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008..\Run: [CGFLoader] C:\Program Files2\Calibrize\CalibrizeLoader.exe (Colorjinn)
O4 - Startup: C:\Documents and Settings\Yin Chao\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files2\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2857235442-2140658844-3269203862-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote - C:\Program Files2\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} http://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab (WebPriKRX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {25A62CCB-3467-4AA6-AB5E-92C2E0C4B19D} http://eng.krx.co.kr/anyadmin/common/activex/WebPonentGrid.CAB (CDEVGRID Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {D8D53DE7-35C2-4759-8D0A-C91407CB559E} http://eng.krx.co.kr/anyadmin/common/activex/WebPonentChart.CAB (WebPonentChart Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://creditsuisse.webex.com/client/T26L10NSP49EP24-creditsuisse/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/26 05:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2015/06/08 15:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StreamingStar
[2015/06/08 15:11:21 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2015/06/08 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\StreamingStar
[2011/04/04 11:38:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yin Chao\Desktop\OTL.exe
[2011/04/04 10:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\Application Data\webex
[2011/04/04 10:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\My Documents\WebEx
[2011/04/04 09:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\PRIMETrade
[2011/04/04 09:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\Start Menu\Programs\PrimeTrade (AD)
[2011/04/04 09:00:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/04/04 06:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2011/04/04 06:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[2011/04/04 06:17:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/04/04 06:16:59 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/04/04 05:33:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/04 05:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/04/04 05:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/04/04 04:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/04 04:24:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/03 14:06:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/03 13:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/03 13:00:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/03 11:19:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/03 11:14:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/03 11:14:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/03 11:14:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/03 11:14:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/02 12:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\R
[2011/04/01 14:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\Application Data\SUPERAntiSpyware.com
[2011/04/01 14:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/01 14:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/01 14:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/01 10:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\Desktop\02_Chicago
[2011/04/01 10:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\Application Data\Leadertech
[2011/04/01 05:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/01 05:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/01 05:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yin Chao\Local Settings\Application Data\Citrix
[2011/04/01 00:53:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/01 00:53:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 11:43:51 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/04/04 11:38:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yin Chao\Desktop\OTL.exe
[2011/04/04 11:37:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Local Settings\Application Data\WavXMapDrive.bat
[2011/04/04 11:36:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 11:36:52 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 11:36:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/04 11:31:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 11:31:04 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/04 11:01:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/04 10:02:55 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2011/04/04 09:32:02 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Application Data\Microsoft\Internet Explorer\Quick Launch\PrimeTrade PROD.lnk
[2011/04/04 09:30:43 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Desktop\PrimeTrade PROD.lnk
[2011/04/04 09:24:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38A27774-56AE-43DC-9E9B-3433A63C89A8}.job
[2011/04/04 09:24:06 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/04 09:04:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/04 04:26:37 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/03 13:45:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/03 11:37:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/02 12:57:29 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/04/01 13:32:12 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 01:43:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110401-103700.backup
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/08/25 23:20:04 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Lightroom 2.4.lnk
[2011/04/04 09:32:02 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Application Data\Microsoft\Internet Explorer\Quick Launch\PrimeTrade PROD.lnk
[2011/04/04 09:28:29 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Desktop\PrimeTrade PROD.lnk
[2011/04/04 04:37:35 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/04/04 04:31:00 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/04 04:25:53 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/03 14:07:17 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/03 13:45:55 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2011/04/03 11:19:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/03 11:19:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/03 11:14:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/03 11:14:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/03 11:14:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/03 11:14:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/03 11:14:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/29 23:47:36 | 002,054,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2857235442-2140658844-3269203862-1008-0.dat
[2010/09/29 23:47:32 | 000,346,622 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/28 15:36:45 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/28 13:18:24 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/09/28 13:16:04 | 000,000,542 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/12/19 00:08:14 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/17 22:04:35 | 000,089,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/30 21:10:43 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/08/30 21:10:43 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/06/09 23:50:59 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Local Settings\Application Data\PUTTY.RND
[2009/06/05 21:35:19 | 004,280,320 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Local Settings\Application Data\filesync.metadata
[2009/04/07 22:00:02 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Application Data\winscp.rnd
[2009/03/24 20:43:05 | 000,022,488 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Application Data\Comma Separated Values (Windows).ADR
[2008/12/24 14:31:50 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2008/12/24 14:25:10 | 000,000,665 | R--- | C] () -- C:\WINDOWS\System32\hppapr11.dat
[2008/12/24 14:18:05 | 000,182,920 | ---- | C] () -- C:\WINDOWS\hppins11.dat
[2008/12/24 14:18:04 | 000,005,855 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat
[2008/12/18 13:10:58 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/28 15:13:19 | 000,109,823 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2008/10/28 15:13:19 | 000,001,883 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2008/10/28 15:13:04 | 000,000,398 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/10/28 15:12:43 | 000,001,199 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/10/28 15:12:19 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2008/10/28 15:12:19 | 000,000,630 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DAT
[2008/10/25 00:35:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/24 16:51:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Yin Chao\Local Settings\Application Data\WavXMapDrive.bat
[2008/10/19 16:43:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2008/10/19 16:43:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/10/19 16:42:19 | 000,001,200 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/10/19 01:34:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/19 01:21:48 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/19 01:11:34 | 000,157,008 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2008/10/19 01:10:14 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/09/09 14:17:12 | 000,652,800 | ---- | C] () -- C:\WINDOWS\System32\SMgina.dll
[2008/08/15 08:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/07/28 18:03:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/06/13 11:18:56 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/06/13 11:18:56 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/06/13 11:18:54 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/06/13 11:18:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/06/13 11:18:52 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/06/13 11:18:52 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/06/13 11:18:52 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/06/13 11:18:50 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/06/13 11:18:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/06/13 11:18:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/06/13 11:18:48 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/06/13 11:18:46 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/06/13 11:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/06/13 11:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/06/13 11:18:42 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/06/13 11:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/05/30 09:38:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/05/30 09:38:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/05/30 09:37:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

 

-repeated-

 

[2008/05/30 09:37:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/05/30 09:37:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/05/30 09:37:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/05/30 09:37:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/05/30 09:37:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/05/30 09:37:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/05/30 09:37:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/05/30 09:37:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/05/30 09:37:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/05/30 09:37:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/05/30 09:37:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/05/30 09:37:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/05/14 17:40:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/04/26 05:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/26 05:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/26 05:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/26 00:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/26 00:16:22 | 000,574,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/26 00:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/26 00:16:22 | 000,115,816 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/26 00:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/26 00:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/26 00:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/26 00:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/26 00:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/26 00:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/26 00:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/26 00:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 17:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 17:21:52 | 000,391,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/18 13:02:52 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/25 12:04:48 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/19 05:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 05:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/01/14 22:40:28 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\WebPonentGrid_eng.dll
[2007/01/14 22:40:26 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\WebPonentGrid_kor.dll
[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/30 12:58:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/07/08 12:05:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mbf2ieee.dll
[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/27 15:04:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ICOClient.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/10/19 01:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2010/10/24 00:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/10/19 01:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/12/04 14:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/04/04 06:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2009/01/14 21:32:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/04 07:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/04/04 06:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/04/04 05:31:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/04/04 05:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2010/10/05 17:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CRB
[2010/12/04 14:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/01/14 21:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/19 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/09/29 00:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/01/14 21:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/05/17 16:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2008/10/28 11:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008/12/24 14:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zvprt50
[2009/03/18 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/06/03 15:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/25 15:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/19 01:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2008/10/25 02:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Thunderbird
[2008/10/19 01:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Wave Systems Corp
[2010/11/05 18:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Wave Systems Corp
[2011/04/04 05:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Canon
[2010/10/05 17:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\CRB
[2010/02/25 14:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Dropbox
[2011/01/04 01:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\GARMIN
[2009/03/03 22:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\gretl
[2011/04/01 05:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\ICAClient
[2011/04/01 10:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Leadertech
[2011/02/06 13:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\NetDrive
[2008/11/12 14:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Notepad++
[2008/11/12 14:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Nvu
[2010/04/06 12:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Parrot Audio Suite
[2009/02/20 00:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\RiskAMP
[2009/11/29 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\StreamTorrent
[2009/08/30 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\SystemRequirementsLab
[2008/10/25 00:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Thunderbird
[2010/05/18 15:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\TrueCrypt
[2008/10/25 01:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\Wave Systems Corp
[2011/04/04 10:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yin Chao\Application Data\webex
[2011/04/04 11:36:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/04/04 11:43:51 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/04/04 09:24:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{38A27774-56AE-43DC-9E9B-3433A63C89A8}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/26 05:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/10/24 16:50:45 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/03 13:45:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/03 13:00:18 | 000,020,912 | ---- | M] () -- C:\ComboFix.txt
[2008/04/26 05:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/10/19 16:47:20 | 000,005,814 | RH-- | M] () -- C:\dell.sdr
[2010/04/05 10:08:24 | 000,000,022 | ---- | M] () -- C:\Documents aA
[2011/04/04 11:31:04 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/26 05:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/04/26 05:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2011/04/03 13:54:28 | 000,048,817 | ---- | M] () -- C:\ndsvc.log
[2008/04/14 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 20:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/04 11:31:02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/02/24 01:51:05 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010/04/08 22:35:39 | 000,046,488 | ---- | M] () -- C:\WifiServiceLog.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/26 05:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/09/13 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7I.DLL
[2010/08/25 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA9.DLL
[2006/09/13 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7I.DLL
[2010/08/25 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA9.DLL
[2008/07/06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/01/25 13:24:04 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2008/01/16 18:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL
[2010/07/09 08:31:14 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 18:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/04/25 17:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/25 17:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/25 17:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/04/26 05:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/10/19 01:13:48 | 000,000,837 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\wave_license.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/10/24 16:51:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Yin Chao\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/04/26 05:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/04 11:38:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yin Chao\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2008/04/14 20:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/10/24 16:51:51 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Yin Chao\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/04 11:47:18 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Yin Chao\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 20:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 19:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 19:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 22:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 19:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/15 01:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 19:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 19:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 19:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 19:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 19:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >


Extras
OTL Extras logfile created on: 4/4/2011 11:43:29 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Yin Chao\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 119.60 Gb Free Space | 51.38% Space Free | Partition Type: NTFS

Computer Name: YINCHAO | User Name: Yin Chao | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

[HKEY_USERS\S-1-5-21-2857235442-2140658844-3269203862-1008\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files2\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files2\AVG\AVG8\avgemc.exe" = C:\Program Files2\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files2\AVG\AVG8\avgupd.exe" = C:\Program Files2\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{041F04B1-F985-44E8-A070-C3EB1A39369F}" = Dell ControlPoint Connection Manager
"{066D25F6-8B8B-433C-88B4-EDF41D604E7E}" = Broadcom USH Host Components
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24E2F70D-B287-407D-9B5C-9D8B4C388D1A}" = hppPQVideoCM1312
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{3393CDDB-27F0-4869-BED4-BE478598F0FF}" = Dell Control Point
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37C6566A-42BA-472B-AA79-9AF83F9446ED}" = XPS Viewer
"{38D2B3FA-3EF5-4110-96D2-DE775BB88F68}_is1" = xGPS Manager 1.0
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{514E6F84-36F7-48FF-BB40-BE3E0E25ADD9}_is1" = iPhone Tunnel Suite (v1)
"{518487D9-7D70-41D7-8292-1105E47A1145}" = Citrix Desktop Receiver
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52D299D8-F84E-497E-B4A4-D8F02782BFAA}" = Dell ControlPoint System Manager
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{558B86E5-CFAC-447C-99EE-5BB1C068706D}" = NTRU TCG Software Stack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

 

"{581EE5FD-5A54-488D-9BF3-61688DF1A0A5}" = My Photo Books
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62D34682-3AF5-46E7-B284-4D6A203E6C7E}" = EasyThumb
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DD822CC-4CDD-4949-9000-CE62C3B22B26}" = hppSendFaxCM1312
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FAF7261-8F5F-411B-9FD1-93CBCF701DAD}" = hpzTLBXFX
"{70294646-CF46-4223-A2F4-EDC6A8420B2A}" = hppFaxUtilityCM1312
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{744596A8-4912-4A91-9607-EF066AC7CD67}" = MF Global-Futures STAS
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}" = Wave Infrastructure Installer
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 3.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94882586-CD3C-4C31-9A84-5636615DC3D7}" = hppscan3390
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9930D47E-BF88-4EED-9531-CC9EDAE1E448}" = hppscanCM1312
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1EA13D0-40C6-4DFC-98D6-6A8AB501DA63}" = hppCLJCM1312
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi Software
"{AF27DACE-F3B2-4230-8347-CDABF5CEA9E7}" = Rotman Interactive Trader Client
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5ACFF96-F514-4D63-B41C-0AB5CD454DC0}" = CRB PowerSystem
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C793675F-0692-4969-A9D4-C191EFBF5518}" = hppScanToCM1312
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9AE5B83-86A9-4D59-9F62-104A884BDAAC}" = hppFaxDrvCM1312
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}" = iPhoneBrowser
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{EF30AD3D-50DE-4C6B-9435-56C22A99F9FA}" = hppTLBXFXCM1312
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F412B21E-9FEF-4FFC-ABFC-9DC9C5A69A1B}" = hppManualsCM1312
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATT-SST" = AT&T Service & Support Tool
"Audacity_is1" = Audacity 1.2.6
"AxCrypt" = AxCrypt (Remove Only)
"BanyanTreeMaldivesFT" = ebook BanyanTreeMaldivesFT
"CAL" = Canon Camera Access Library
"Calibrize_is1" = Calibrize 2.0
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.6
"EOS Utility" = Canon Utilities EOS Utility
"FBL Gameplay Demo_is1" = FBL Gameplay Demo build 100126.2882)
"Google Email Uploader" = Google Email Uploader 1.1.0808.1801
"gretl_is1" = gretl version 1.8.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HiDownload_is1" = HiDownload
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPLaserJetP4015" = HP LaserJet P4010_P4510 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"J@CK TVv3.0" = J@CK TV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketMap_is1" = MarketMap version 6.3
"MatlabR2010a" = MATLAB Student R2010a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mighty Minds DIGImap 8" = Mighty Minds DIGImap 8
"Mighty Minds Digital Street Directory 4.2" = Mighty Minds Digital Street Directory 4.2
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NetDrive" = NetDrive
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Parrot Audio Suite" = Parrot Audio Suite
"PdaNet_is1" = PdaNet Desktop for iPhone 1.50 (beta)
"PDFCreator Toolbar" = PDFCreator Toolbar
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PRIMETrade" = PRIMETrade
"ProInst" = Intel PROSet Wireless
"R for Windows 2.12.2_is1" = R for Windows 2.12.2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SopCast" = SopCast 3.0.3
"StreamTorrent 1.0" = Stream Torrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"TrueCrypt" = TrueCrypt
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinDjView" = WinDjView 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wireless@SG SingTel" = Wireless@SG SingTel (1.0.0.0)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XY Chart Labeler 7.0" = XY Chart Labeler 7.0
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2857235442-2140658844-3269203862-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"309a46b1dc89b774" = Dell Driver Download Manager
"7a06f783a8f2fb78" = EasyReader
"Dropbox" = Dropbox
"RiskAMP Monte Carlo Add-In for Excel" = RiskAMP Excel Add-In 2.97 - Personal Edition
"WebICE" = WebICE

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2009 2:28:29 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 3:52:26 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 3:52:26 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 4:25:29 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 4:25:29 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 4:46:00 AM | Computer Name = YINCHAO | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6504.5000, P3
ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 9/8/2009 6:01:58 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 6:01:58 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 6:02:02 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 6:02:02 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ Application Events ]
Error - 9/8/2009 2:28:29 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 3:52:26 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 3:52:26 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 4:25:29 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 4:25:29 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 4:46:00 AM | Computer Name = YINCHAO | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6504.5000, P3
ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 9/8/2009 6:01:58 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 6:01:58 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 6:02:02 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/8/2009 6:02:02 AM | Computer Name = YINCHAO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]
Error - 5/19/2010 10:19:30 PM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1504
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 6/9/2010 10:05:33 AM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1793
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/18/2010 5:50:45 AM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/26/2010 2:25:43 AM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/4/2011 5:16:05 PM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1388
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/29/2011 2:46:32 PM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/30/2011 1:24:36 AM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/10/2011 12:52:49 PM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 108
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2/10/2011 12:53:52 PM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/2/2011 11:22:50 AM | Computer Name = YINCHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 152493
seconds with 1680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/13/2010 7:41:52 AM | Computer Name = YINCHAO | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/13/2010 12:33:07 PM | Computer Name = YINCHAO | Source = Service Control Manager | ID = 7034
Description = The Dell ControlPoint Button Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/13/2010 12:33:07 PM | Computer Name = YINCHAO | Source = Service Control Manager | ID = 7034
Description = The Dell ControlPoint System Manager service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/14/2010 8:15:24 AM | Computer Name = YINCHAO | Source = Service Control Manager | ID = 7000
Description = The WifiService service failed to start due to the following error:
%%2

Error - 7/14/2010 8:15:27 AM | Computer Name = YINCHAO | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/14/2010 8:15:28 AM | Computer Name = YINCHAO | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/14/2010 8:15:28 AM | Computer Name = YINCHAO | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/14/2010 8:16:49 AM | Computer Name = YINCHAO | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/14/2010 11:46:15 AM | Computer Name = YINCHAO | Source = Service Control Manager | ID = 7034
Description = The Dell ControlPoint Button Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/14/2010 11:46:15 AM | Computer Name = YINCHAO | Source = Service Control Manager | ID = 7034
Description = The Dell ControlPoint System Manager service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

 

All processes killed
========== OTL ==========
Service MSSQLServerADHelper stopped successfully!
Service MSSQLServerADHelper deleted successfully!
Error: No service named MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ was found to stop!
Service\Driver key MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ not found.
Service BcmSqlStartupSvc stopped successfully!
Service BcmSqlStartupSvc deleted successfully!
Service avg8wd stopped successfully!
Service avg8wd deleted successfully!
Service avg8emc stopped successfully!
Service avg8emc deleted successfully!
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
C:\WINDOWS\system32\drivers\SymIM.sys moved successfully.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File C:\WINDOWS\system32\drivers\SymIM.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 1080 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\LastGood.Tmp\twain_32\MP495 series folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\twain_32 folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\spool\PRTPROCS\W32X86 folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\spool\PRTPROCS folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\spool\DRIVERS\COLOR folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\spool\DRIVERS folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\spool folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\DRIVERS folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\DLLCache folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32 folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\softwaredistribution\authcabs\7971f918-a847-4430-9279-4a52d1efe18d folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\softwaredistribution\authcabs folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\softwaredistribution folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\media folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\INF folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\help folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\Downloaded Program Files folder deleted successfully.
C:\WINDOWS\LastGood.Tmp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 98214 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Yin Chao
->Temp folder emptied: 5573599 bytes
->Temporary Internet Files folder emptied: 7294948 bytes
->Java cache emptied: 49940 bytes
->FireFox cache emptied: 62759716 bytes
->Flash cache emptied: 6670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21972219 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2241360 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 95.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest

User: LocalService

User: NetworkService

User: Yin Chao
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04052011_031448

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




=================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6269

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/5/2011 3:26:56 AM
mbam-log-2011-04-05 (03-26-56).txt

Scan type: Quick scan
Objects scanned: 191120
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

I am currently putting the computer to the online scan... and it is taking quite long so I will update with that in due course.

Just wanted to feedback that the computer seems to be getting faster now. Could you explain what we have done with all the programs/fixes, and what the initial problems were?

 

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
EasyCleaner
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.3
Chinese Traditional Fonts Support For Adobe Reader 9
Japanese Fonts Support For Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.11) Firefox Out of Date!
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

 

Also, just wondering if you have any idea on what caused that "Authentication Manager" error after running ComboFix?

I was almost going to do a Dell PC restore (restore to factory settings)

 

Eset scan: no threats detected

Updates done. I did get an error with the JavaRa though.

Visual Studio Just-in-time Debugger
An unhandled win32 exception occurred in JavaRa.exe [1128]
Possible Debuggers:
New instance of Microsoft Visual Studio 2010

 

Ran JavaRa again, and had no problems this time